The object of the present invention is an electronic payment process and a system for implementing this process.
Electronic payment, or distance payment, is well known. It may take more or less sophisticated forms:
by telephone, a customer may communicate his bank card number to a merchant,
with a personal computer, the customer may pass this number on to the merchant""s server,
with devices of the Minitel (trademark) type, which has a smart-card reader, the user inserts his bank card into the reader and provides a confidential code; if the code is correct, the card number is passed on to the merchant.
These procedures do not always offer the required security. In this respect, electronic payment raises specific difficulties. Thus, protecting the so-called bank card xe2x80x9cidentifiersxe2x80x9d (card number/validity expiry date, etc.) also known as PAN (xe2x80x9cPrimary Account Numberxe2x80x9d), must be ensured effectively; spying on the network or the re-use of these numbers by a dishonest merchant are serious risks which need to be heeded in distance payment.
Furthermore, the impersonal nature of the customer-merchant relationship may be of concern to the customer who inevitably wonders whether the merchant is bona fide and if he is in fact going to deliver the goods item ordered. Merchant authentication is therefore necessary.
Conversely, the problem may conceivably arise of the customer refusing the goods: if the customer is not to have the means to deny making the purchase, a strong recognised electronic signature mechanism is needed which allows them to be statutorily bound by their decision to purchase. If such mechanisms are not in place, the honest merchant will be exposed to a real risk of non-payment.
All these difficulties are curbing the development of electronic commerce. The purpose of the present invention is to provide a solution to these difficulties.
The document WO-A-99/03243 describes a system and a process to manage transactions where a mediation server is placed between a server and a customer point. In this system, it is the customer who sends a request to the server, which responds through the mediation server which invoices the customer.
The document WO-A-96/25828 describes an electronic payment process in a mobile station.
To thus end, the invention proposes firstly the use, at customer level, of particular equipment namely mobile equipment, for example of the GSM (xe2x80x9cGlobal System for Mobile Communicationsxe2x80x9d) type. It also proposes the participation of an entity ensuring the proper operation of the transaction. In respect of the first aspect of the invention, it is known that mobile equipment is developing rapidly in France and abroad: 10 million sets in France at the end of 1998, and 100 million in the world. We should remind ourselves of the functions of a mobile, in particular of the GSM type, in order to get a better understanding of the advantage of the electronic payment process according to the invention. GSM telephones have the conventional functions of a fixed telephone (dial to call, be called, voice communicate) and data send and receive functions:
1. sending DTMF (xe2x80x9cDual Tone Multi Frequencyxe2x80x9d) data during voice communication, data which corresponds to the button code activated by the user;
2. send-receive short text messages (SM) which can be stored in a SIM (xe2x80x9cSubscriber Identification Modulexe2x80x9d) card; these messages may be displayed on a screen of the mobile equipment by means of particular buttons; these messages remain in the card until the user deletes them;
3. send-receive short data messages (SM), created and processed by a so-called xe2x80x9ctoolkitxe2x80x9d program, or TK for short;
4. the programs referred to above are programs residing in the SIM card and which make it possible, in addition to the internal processes (calculation, data management) which any program can perform, to act on the mobile display, to enter the button on the keypad activated by the user, to receive an SM message, to send an SM message;
5. a new possibility has appeared in some mobile equipment; to accept a second smart-card, in addition to the SIM card, which makes it possible, for example, to use a portable GSM with a bank payment card (CB) nearly 30 million of which are in circulation in France, or an electronic purse card many of which exist in Europe or in the world.
It is notable that older (first generation, i.e. phase 1 and 2 GSM) mobile equipment only had functions 1 and 2. Functions 3 and 4 are of more recent origin and will be extended rapidly to all so-called second generation (phase 2+) mobiles; the no. 5 possibility for the moment concerns only a small percentage of second generation mobiles but is destined to develop.
According to the second aspect of the invention, electronic payment is made through a so-called xe2x80x9cgatewayxe2x80x9d entity, acting as payment server. This gateway has telecommunications equipment allowing it to establish some form of connection (telephone, via the Internet network, etc.) with a merchant, and a telephone connection with the customer using the latter""s GSM mobile equipment. The essential function of the gateway is to establish a link between the merchant and the customer by authenticating both the merchant and the customer, and to receive the customer""s confidential data allowing him/her to make the payment.
The security of customer and merchant is thus ensured and the payment made.
More exactly, the object of the present invention is an electronic payment process involving a first entity called the xe2x80x9ccustomerxe2x80x9d having a first piece of telephone equipment and a second entity called xe2x80x9cthe merchantxe2x80x9d having a second piece of telecommunications equipment, this process being characterised in that the customer""s equipment is a piece of mobile telephone equipment and in that it involves additionally a third entity, called a xe2x80x9cgatewayxe2x80x9d having a third piece of telecommunications equipment able to establish a connection with the merchant""s equipment and a telephone connection with the customer""s equipment, this process including the following exchanges between the equipment of the three entities:
a) the merchant sends to the gateway data defining an offer of service with, in particular, the amount to be settled by the customer, and adds to this data merchant identification data,
b) the gateway authenticates the merchant, converts the offer data into a message adapted to the performance of the customer""s mobile equipment and sends this message together with gateway authentication data to the customer,
c) the customer authenticates the gateway and sends back to it an agreement message, together with confidential information allowing the payment amount to be settled,
d) the gateway-authenticates the customer, verifies that payment is possible and sends to the merchant a message stipulating that the payment amount is fully able to be settled.
Preferably, the customer""s mobile equipment is of the GSM type, of any generation (known or to come).
The third entity may, in certain circumstances, be located with the merchant, or in other circumstances, in the bank.
Another object of the present invention is a system for implementing this process.